Impact
ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If any of these configuration files has an embedded NULL character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash.
Patches
Fixed in c-ares 1.27.0
Workarounds
No workarounds exist.
Credit
Vojtěch Vobr
vojtechvobr Reporter
Impact
ares__read_line()is used to parse local configuration files such as/etc/resolv.conf,/etc/nsswitch.conf, theHOSTALIASESfile, and if using a c-ares version prior to 1.22.0, the/etc/hostsfile. If any of these configuration files has an embeddedNULLcharacter as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash.Patches
Fixed in c-ares 1.27.0
Workarounds
No workarounds exist.
Credit
Vojtěch Vobr